Canada's new Bill C-28 aims to reduce email spam

Canada has recently passed new ligislation with the introduction of Bill C-28 that is aimed at greatly cutting
down on the amount of email spam businesses are getting everyday. David Poellhuber is the chief operations
officer of Montreal-based ZeroSpam.

Canada's new Bill C-28 clamps down on unsolicited commercial e-mail, forcing businesses that send bulk emails
to be able to demonstrate the receivers’ permission to send advertising or promotional email messages.

Poellhuber says “We’re all for it. We just think it’s badly named, that's all.” He thinks it's badly named
because it’s not going to do much to deter spammers which are almost always a step or two ahead of anybody
else, especially governments. “It’s not going to reduce much of the spam you and I receive in our inboxes,” he
says. "It might make a small dent, but it won't be significant," he added.

That’s because almost 71 percent of all email spam comes from botnets (complex networks that send millions
of spam emails per hour) in Brazil, Roumania, Poland, China, the U.S., Russia and other countries. "Botnets
don’t care about laws," said Poellhuber.

The basic principle of the new legislation specifically demands that businesses have recipients’ permission
to send them email (unless there’s a prior business relationship) and, just as importantly, makes businesses
that send bulk emails responsible for proving that permission.

Fines levied by the CRTC can amount up to $1 million for individuals and $10 million for businesses that
break the law.

In a statement proclaiming “Victory!,” the Coalition Against Unsolicited Commercial E-mail (CAUCE) welcomed
and fully embraced the new bill. “It’s been a long time coming, but Canada has an anti-spam law, and one which
sets a new world standard,” wrote executive director Neil Schwartzman.

“It has a tough, but fair, opt-in protocol for everyone in North America who sends commercial e-mail and
other commercial messages,” he says.

Poellhuber added "I beg to differ on the “fair” aspect of that statement, without rejecting the need for
legislation to deal with UCE. Given the context of who sends spam, legitimate businesses, not botnets, shoulder
a disproportionate amount of the burden."

As he points out, after the law takes effect, businesses won’t be able to ask for permission to send e-mail,
either.

And as to its effect, the U.S. has had its CAN SPAM Act since 2004, and by far, it’s still the No. 1 source
of spam globally, producing a staggering 38 percent of all email spam sent on the Internet everyday, according
to Cipher Trust statistics.

But the U.S. did have some litigious success against the most persistent and unapologetic spam artists,
however. And it will prosecute “the most egregious” violators among the small percent of non-botnet spammers
that are Canadian-based.

Bill C-28 also has been widely received as potentially more effective than CAN SPAM, which has an opt-out
protocol, rather than opt-in.

However, the most significant security risk from email spam is that it is created by organized criminals:
phishing attacks and identity theft, for example, and organized criminals, by definition, aren’t the most
respectful of laws, if any.

"Businesses must recognize that e-mail is a risky business, and it’s one most businesses shouldn’t be in,"
added Poellhuber.

His company, ZeroSpam has a real-time spam index on the company's home page detailing what percentage of
e-mail processed by its servers is rejected as spam. For the last week, it’s been running at 77 to 91 percent.